Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1UZOQ7-0004RM-VR for bitcoin-development@lists.sourceforge.net; Mon, 06 May 2013 16:37:47 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.148.113 as permitted sender) client-ip=62.13.148.113; envelope-from=pete@petertodd.org; helo=outmail148113.authsmtp.com; Received: from outmail148113.authsmtp.com ([62.13.148.113]) by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1UZOQ6-0003Xo-35 for bitcoin-development@lists.sourceforge.net; Mon, 06 May 2013 16:37:47 +0000 Received: from mail-c226.authsmtp.com (mail-c226.authsmtp.com [62.13.128.226]) by punt10.authsmtp.com (8.14.2/8.14.2/Kp) with ESMTP id r46GbcV3070341; Mon, 6 May 2013 17:37:38 +0100 (BST) Received: from petertodd.org (petertodd.org [174.129.28.249]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id r46GbXS2068383 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Mon, 6 May 2013 17:37:35 +0100 (BST) Date: Mon, 6 May 2013 12:37:32 -0400 From: Peter Todd To: Jeff Garzik Message-ID: <20130506163732.GB5193@petertodd.org> References: <20130506161216.GA5193@petertodd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="98e8jtXdkpgskNou" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: 41f12d47-b66b-11e2-98a9-0025907ec6c5 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aQdMdgQUFVQNAgsB AmUbWlNeU1p7WmY7 ag1VcwRfa1RMVxto VEFWR1pVCwQmQxgH cUx2MRtycQ1FcH0+ ZEdnWnQVWEUsdEQp RklJR2sAN3phaTUd TUlQJgpJcANIexZF bQUsUiAILwdSbGoL NQ4vNDcwO3BTJTpY RgYVKF8UXXNDMj8n TBccEC8+WkQJSz97 NxUtKVMABw5RLUwp YxMaVEgGMhQfQgdf A1ovSCFePREZXTct AA8SW0kSHSYcKQAA X-Authentic-SMTP: 61633532353630.1020:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 174.129.28.249/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1UZOQ6-0003Xo-35 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Discovery/addr packets (was: Service bits for pruned nodes) X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 May 2013 16:37:48 -0000 --98e8jtXdkpgskNou Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, May 06, 2013 at 12:20:12PM -0400, Jeff Garzik wrote: > > Security will be no worse than before - if any one server/seed is honest > > you're ok - and hopefully better due to the accountability. Obviously >=20 > Indeed, the DNS seeds are just servers run by trusted individuals anyway. Yup, and lets be really clear here: what I'm saying about existing DNS seeds selecting peers from a wider pool isn't to fundementally reduce the trust in those seeds, it's to reduce the amount of effort the people *running* the seeds need to expend to return safe results. > In either case, bitcoinj definitely wants fixing for its over-reliance > on DNS seeds. This has been noted as a problem for a while. Anyway, DNS returns unsigned data usually - DNSSEC is not widely implemented - so at least an alternative seed system with SSL certs could provide a way of getting results from the seed to you in the first place with a different set of vulnerabilities. (I'm not going to say it's really more secure - your ISP can MITM your connections to those remote nodes anyway - but the types of attacks are at least different) Speaking of, off-topic for this discussion, but in the future node-to-node communicate should be encrypted and signed, and seeds should have a mechanism to return the pubkey the node will use for communication. This would protect against your ISP MITM attacking your communications with every node. Of course, Tor hidden service nodes do this already essentially. --=20 'peter'[:-1]@petertodd.org 000000000000001882c602178bd4dc6501ecd65db1e1380224be98c923043c07 --98e8jtXdkpgskNou Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAlGH3EwACgkQpEFN739thoxKQACfRrVV4OPjrpSTjB/p3loJl9tQ g+0AnRorqNdFfFGoy66hJrLe/Lu4UlA3 =xY63 -----END PGP SIGNATURE----- --98e8jtXdkpgskNou--